Speech by SEC Staff:
The Themes of Sarbanes-Oxley as Reflected in the Commission's Enforcement Program

by

Stephen M. Cutler

Director, Division of Enforcement
U.S. Securities and Exchange Commission

UCLA School of Law
Los Angeles, CA
September 20, 2004

The SEC, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or the staff of the Commission.

As I was thinking about my remarks here this evening, I came across a few well-chosen words by a fellow securities lawyer ruminating about a marketplace beset by a series of debilitating scandals. "The public corporation," he said,

is currently under severe attack because of the many revelations of improper corporate activity. It is not simple to assess the cause of this misconduct. Since it has taken so many different forms, the one dimensional explanation that . . . such conduct is a way of life, is simply not acceptable.

My colleague continued: "[B]ecause of the critical state we are now in, I believe certain strong measures are required. We must take steps," he declared, "to assure the corporate governance functions as designed. Directors must direct and accountants must make a proper accounting." Now I know what some of you here this evening must be thinking: "That's sort of obvious, isn't it? Why is this fellow from Washington wasting our time with prose that's so . . . well, prosaic." And after Enron, the Internet bubble, the telecom crash, the dethroning of Wall Street's once princely research analysts and the betrayal of investors by many of our nation's most venerated mutual fund advisers, I'll grant you that the words I've recited might seem obvious. But they weren't so self-evident when my colleague at the bar, Stanley Sporkin, uttered them. For he did so more than a quarter century ago, when he was the SEC's Enforcement Director (before, as some of you know, he went on to become a distinguished member of the bench). Back in 1974, what was weighing on Judge Sporkin's mind was an earlier rash of corporate misconduct - company after company was revealed to have bribed foreign government officials. The response was historic legislation in the securities area - the Foreign Corrupt Practices Act, which imposed books-and-records and reporting requirements on public companies.

History repeats itself. Or, maybe, to borrow from Mark Twain: "While history doesn't [quite] repeat itself; it does rhyme." Fast forward 30 years, and what we've been through is an epidemic of corporate scandals - a different set of corporate scandals, to be sure, broader and more far-reaching, touching almost every investor in this country and many elsewhere - followed once again by legislation - in this case, the Sarbanes-Oxley Act of 2002, which some have called the most important legislation in the securities field since the creation of the SEC and the adoption of the framework for federal regulation of our securities markets in the 1930s.

What I'd like to talk about this evening are the principal tenets of that legislative response to corporate wrongdoing and, to bring this around to what I spend my time doing, how the SEC's enforcement program during the last two years has dovetailed with - really mirrored - those tenets or themes in an effort to prevent history from repeating itself (or rhyming) yet again. Let me briefly tell you what I believe those themes to be: the first is the fundamental significance of gatekeepers in maintaining fair and honest markets; the second is the importance of maintaining integrity in the investigative process aimed at ferreting out securities law violations; and the third is the need for greater personal accountability and deterrence at the top of the corporate world.

I'll come back to those themes at greater length, but at the outset, it's worth noting there has been a lot of debate, particularly in recent months, about the efficacy of the Sarbanes-Oxley Act: Even before its requirements have become fully effective, some have begun to question whether the burdens it imposes are justified. Was such a tectonic shift in our regulatory landscape really needed? Was Sarbanes-Oxley wise policy or was it a politically-driven overreaction to the scandals that gave rise to it? For what it's worth, I come down on the side of the legislation. As memories of Enron, WorldCom, Tyco, Adelphia, HealthSouth and other examples of appalling corporate behavior begin to fade, perhaps it shouldn't come as a surprise that the benefits of Sarbanes-Oxley would be heavily discounted and that the critics would focus almost exclusively on the burdens of its requirements. While I'd be the first to acknowledge that the legislation's costs are not insignificant, I also think it would be a profound mistake to roll back or dismantle the statute's central dictates - particularly before we've had the opportunity to see them at work. And of course, many of the compliance costs imposed by the statute are likely to be higher in the first year or two than they'll ultimately be down the road. In the meantime, I can assure you, the Commission has been, and will continue to be, sensitive to the costs imposed by Sarbanes-Oxley as it implements the Act's provisions.

Perhaps this is a good time to remind you that my remarks this evening are my own and don't necessarily reflect the views of the Commission or other members of the Commission staff.

Gatekeepers

On to the first of the legislation's three themes - which, you'll recall, is the importance of the gatekeeper function in our capital markets. What do I mean by "gatekeepers?" The sentries of the marketplace: the auditors who sign off on companies' financial data; the lawyers who advise companies on disclosure standards and other securities law requirements; the research analysts who warn investors away from unsound companies; and the boards of directors responsible for oversight of company management. They're paramount in ensuring that our markets are clean. And Congress recognized that when it enacted Sarbanes-Oxley.

With respect to auditors, the legislation ended the profession's self-regulatory regime and established in its place the Public Company Accounting Oversight Board. On the auditor independence front, Sarbanes-Oxley imposed significant restrictions on the sorts of relationships accounting firms could have with the companies they audit.

As for lawyers, Sarbanes-Oxley required the SEC to set minimum standards of professional conduct for those appearing and practicing before us. And the SEC has done so, requiring attorneys with evidence of material violations of federal securities laws or breaches of fiduciary duty to "report up the ladder" to senior management and, if necessary, the board of directors. I recently read with interest about a new program at Harvard that addresses issues raised by the business of law. The professor who founded the program said in an interview that "[i]f Enron has taught us anything, it ought to be that professionals have a very important role as gatekeepers. We have to understand the market in which the professionals operate and the pressures they are under. We need to develop institutional strategies that allow firms to regulate their members better." As law has become more of a business than a profession, it's gotten that much harder in my view for lawyers to heed the advice of lawyer and statesman, Elihu Root. He said that "[a]bout half the practice of a decent lawyer is telling his clients that they are damned fools and should stop."

Wall Street's research analysts also came under Congress' scrutiny in Sarbanes-Oxley. You're all familiar with the stories about Jack Grubman, Henry Blodget and other analysts whose fealty was to their investment banking colleagues - and the fees those colleagues were generating - rather than to the investors they were supposedly serving. Ultimately, the SEC, the New York Attorney General and other regulators addressed this problem in a global settlement with a dozen Wall Street firms that resulted in payments to date of more than $1.5 billion and significant structural reforms. The Sarbanes-Oxley Act required the adoption of rules governing securities analysts' potential conflicts of interest and in July, 2003, the SEC approved a series of New York Stock Exchange and NASD rules that further segregated the research analyst function from investment banking and required improved disclosure to customers.

Finally, when it comes to gatekeepers, Sarbanes-Oxley significantly increased the responsibility of independent directors - particularly, the members of a Board's audit committee - in overseeing the accounting, reporting and auditing functions. Too many times, outside directors were chosen for who they knew rather than what they knew. They weren't just disinterested; they were uninterested. But as a result of Sarbanes-Oxley, public company audit committee members now are required to meet independence and financial literacy standards; are responsible for the hiring and oversight of auditors, and must be apprised of all accounting-related complaints received by management.

So what have we done in the enforcement area to address the role of gatekeepers and hold them accountable for failing to discharge their legal responsibilities? Quite a lot, in my view. But I have to confess that this isn't a brand new idea for us. For as far back as the early 70s, the Commission's enforcement program has focused on gatekeepers. Actually, Judge Sporkin had his own name for this approach. He called it the "access theory." Ensure good behavior by those who control "access" to our capital markets and you could achieve more than you would by going after every bad actor. In short, pursuing gatekeepers was the most targeted and effective way of using the agency's limited enforcement resources. And limited they are. While we've been the beneficiaries of significant budget increases in the last three years, we're still quite small when you consider the breadth of our "beat" -- more than 12,000 public companies; 7,200 broker-dealers; 8,200 investment advisers; and 35,000 mutual funds.

So on to what we've done:

Well, starting with auditors, we've changed our approach. While in the past, the Commission had focused only on individual auditors for deficient audits, it now more regularly grapples with the question of firm responsibility for those audits.

In August, for example, the Commission imposed a $1.5 million fine against the firm of Grant Thornton, in connection with the financial reporting failure at MCA Financial Corporation. In addition to the penalty, the Commission required Grant Thornton to invest in fraud-detection training for all of its auditors, the first time we have imposed such a sanction. And just a few months earlier, we obtained a $2.4 million penalty against PricewaterhouseCoopers for aiding and abetting the reporting violations of Warnaco. Earlier this year, we barred Ernst & Young from taking on new audit clients for six months for violating the auditor independence rules. And, as widely reported, we are currently litigating with KPMG in connection with what we believe to have been that firm's deficient audits of Xerox Corporation.

What good, you might ask, does it do to hold an entity responsible for securities law violations? After all, you might say, organizations don't commit crimes; people do. But actually, they both do. Securities law violations are very often the product of the corporate culture in which they arise. And enterprise liability can have a significant deterrent and preventive effect. Faced with the prospect of liability in Commission actions, it is our hope that accounting firms will take an even greater role in ensuring that individual auditors are properly discharging their special and critical gatekeeping role.

Now I want to be clear: We do not view firm liability as a substitute for individual accountability. Thus, we have also continued to be quite diligent about pursuing individual auditors. Most recently, the Commission barred from practice before it a PricewaterhouseCoopers engagement partner who, we alleged, failed to heed red flags during his audit of Anicom. We have also brought actions against individuals of other well-known firms who ignored evidence of fraud in issuing their audit opinions, including the two Ernst & Young audit partners who failed to detect that Cendant's financial statements did not meet GAAP, and the group of four KPMG partners, including the head of the firm's department of professional practice, that we have sued for their participation in Xerox's accounting scheme.

How about lawyers? Consistent with Sarbanes-Oxley's focus on the important role of lawyers as gatekeepers, we have stepped up our scrutiny of the role of lawyers in the corporate frauds we investigate. We have named lawyers as respondents or defendants in more than 30 of our enforcement actions in the past two years.

Many of those we charged could have avoided problems if they had heeded Elihu Root's advice. We have seen too many examples of lawyers who twisted themselves into pretzels to accommodate the wishes of company management, and failed in their responsibility to insist that the company comply with the law. These include Warnaco's general counsel, Stanley Silverstein, who recently settled our charges against him for certifying a misleading annual report containing material misstatements that were at the heart of the company's reporting violations; Gemstar-TV Guide's former general counsel Jonathan Orlick, who, we allege, facilitated Gemstar's fraudulent revenue enhancement scheme by providing false certifications to Gemstar's auditors; and Leonard Goldner, the former general counsel of Symbol Technologies, who, we allege, manipulated stock option exercise dates to enable certain senior executives of the company, including himself, to profit unfairly at the company's expense.

While all of these are examples of in-house counsel gone astray, I think it's notable that close to half the Commission's actions against lawyers during the past two years involved outside counsel. Last April, for example, we brought an action against counsel to a Pennsylvania school district based on two unqualified legal opinions he issued regarding a note offering. More recently, we sued another bond counsel who, we allege, issued favorable legal opinions on a series of municipal bond underwritings, despite his knowledge that the bond proceeds were being wrongfully commingled and diverted.

We have more to do in this area. Based on our current investigative docket, I think you can expect to see one or more actions against lawyers who, we believe, assisted their clients in engaging in illegal late trading or market timing arrangements that harmed mutual fund investors. We are also considering actions against lawyers, both in-house and outside counsel, who assisted their companies or clients in covering up evidence of fraud, or prepared, or signed off on, misleading disclosures regarding the company's condition. One area of particular focus for us is the role of lawyers in internal investigations of their clients or companies. We are concerned that, in some instances, lawyers may have conducted investigations in such a manner as to help hide ongoing fraud, or may have taken actions to actively obstruct such investigations.

On the analyst front, I mentioned the global settlement, which has received significant attention. But we've brought other cases as well. Last January, we settled a case with Robertson Stephens, in which we alleged that a research analyst at the firm issued glowing reports on two public companies that had announced proposed mergers with private companies. What the analyst failed to disclose is that he owned stock in the target companies, and stood to make a substantial amount of money if the mergers were consummated. And just a few weeks ago, we sued half a dozen brokerage firms for failing to disclose, in violation of the law, that they had received payments for providing research coverage of certain public companies.

While they don't involve analysts, I think it's worth mentioning the Commission's cases against Wall Street firms Merrill Lynch, Citigroup, JP Morgan Chase and CIBC in connection with their roles in Enron's demise: We sued each of these firms, and in some cases, their personnel, for having entered into transactions with Enron that the firms knew or should have known were aimed at obscuring Enron's financials. The settlements in those cases have produced almost $400 million in disgorgement and penalties for the benefit of Enron's shareholder victims. And perhaps even more importantly, they stand for the proposition that an issuer's bankers can't close their eyes to the purpose and impact of transactions designed to manipulate the issuer's financial statements. Bankers, too, are gatekeepers in our marketplace.

Finally, on the gatekeeper theme, what are we doing when it comes to non-management directors? Well, at the end of 2002, we brought a settled enforcement case against Frank Walsh, an outside director of Tyco, in connection with the company's failure to disclose his receipt of a $20 million finder's fee. And a little more than a year ago, we brought a case alleging nonfeasance by two outside directors of Chancellor Corporation. We alleged that they ignored warning signs that Chancellor was engaged in improper accounting practices. I think it is noteworthy that the alleged failures of the two outside directors involved transactions by management, a situation in which the need for vigilance by outside directors is especially critical.

In a slightly different context, we recently entered into a settlement with the independent directors of two high-yield municipal bond funds managed by Heartland Advisers. We alleged that the directors failed to take adequate steps to ensure that the funds were priced properly. And just last month, we sued one of the outside directors of the Van Wagoner Funds for investing in certain private placement offerings alongside the funds themselves - transactions that were illegal under the securities laws.

Over the next year, we intend to continue focusing closely in our investigations on whether outside directors have lived up to their role as guardians of the shareholders they serve. As with the Chancellor case, we will exercise particular scrutiny in considering the role of directors in approving or acquiescing in transactions by company management.

Protecting the Integrity of the Investigative Process

That brings me to Sarbanes-Oxley's second theme. As deeply concerned as Congress was about gatekeepers and the standards of proper professional behavior, it was also focused on investigations of those who failed to adhere to those standards. You'll recall that Sarbanes-Oxley was passed after allegations had surfaced about document shredding and wholesale document destruction at Enron, both by Enron personnel and personnel at the audit firm of Arthur Andersen - and after the SEC had served its initial round of document requests. And of course, it was that conduct - and not any substantive violation of the securities laws - that led to the conviction and ultimate demise of Arthur Andersen. Perhaps as a result, Sarbanes-Oxley specifically required that auditors maintain their work papers for five years, and expressly prohibited the destruction, alteration or concealment of documents by those seeking to frustrate a federal investigation. And what's more, severe penalties would be meted out to those who didn't comply: up to 20 years in prison.

Some have suggested that the obstruction charges levied against Arthur Andersen, as well as those leading to convictions and jail terms for Martha Stewart and Frank Quattrone for obstructing SEC investigations were a poor substitute for criminal securities fraud charges. But I think those views are misplaced. Perjury and obstruction of justice in our investigations are serious threats to investor protection. For securities fraud, unlike other crimes, rarely (if ever) can be proven by physical, "CSI"-like evidence such as fingerprints, carpet fibers, or DNA. So if a company or its employees can get away with concealing or destroying evidence, or lying to investigators, our efforts to uncover the facts and assess responsibility are likely to be hindered. Permitting parties to interfere with a Commission investigation wrongly discounts the injuries suffered by victims of financial crime.

We've also recognized that principle in our civil enforcement actions. The Commission recently fined Banc of America Securities $10 million for its failure to promptly furnish records requested by Commission investigators. In our settlement with Halliburton over the company's failure to disclose a change in its accounting practices, the company paid a $7.5 million penalty reflecting, in part, conduct by the company during the course of our investigation that delayed our receiving critical information and documents. Deutsche Bank also recently paid a high price for its failure to produce documents, paying a $7.5 million penalty, in addition to other significant penalties and disgorgement, in a case focused on research analyst conflicts of interest.

Accountants are not beyond the reach of the law in this regard either, as several Ernst & Young auditors discovered when we brought actions against them based on allegations that they had altered work papers and destroyed other documents relating to their audit of NextCard. And more recently, we barred the accounting firm of Levine, Hughes & Mithuen from public auditing for three years in part because the firm had altered and destroyed some of its work papers after learning of an investigation relating to one of its audit clients.

The lasting impression these cases create will, we hope, benefit the investing public for months and years to come by ensuring truthful witnesses, and faster, more thorough investigations that lead to swift and certain sanctions against those responsible for violating the federal securities laws.

Personal Accountability and Greater Deterrence at the Top

That's a nice segue to the third and last theme of Sarbanes-Oxley - really twin themes of significantly enhanced personal accountability at the top, coupled with stiff sanctions for corporate executives who fail in their duties.

As for accountability, Sarbanes-Oxley requires public company CEOs and CFOs to certify that the financial statements their companies issue are accurate. Criminal as well as civil penalties attach for lying in these certifications. No longer can a CEO or CFO say about his or her company's financial statements - as we sometimes hear in our testimony rooms - "that's not my job; I was the big picture person."

We have already brought a number of actions against company executives for violating the certification provision of Sarbanes-Oxley. In August, we filed a settled case against the President and CEO of Vaso Active Pharmaceuticals, for certifying the company's periodic reports, despite the reports containing false and misleading statements. As part of our settlement with him, the President was barred from acting as an officer or director of a public company for five years. We also sued the CEO and CFO of Rica Foods for certifying a periodic report that contained material errors. And still pending is a lawsuit against HealthSouth's Chief Financial Officer in connection with his certification of the company's misleading financial statements.

Hand in hand with requiring greater accountability by corporate executives, Sarbanes-Oxley focused on deterrence by imposing greater sanctions on corporate officials who break the law. The Act created a new criminal securities fraud offense, with a maximum penalty of 25 years' imprisonment. And the maximum prison sentence for criminal mail and wire fraud was also increased to 25 years.

Consistent with Sarbanes-Oxley's focus on accountability and deterrence, we have, in the past two years, held accountable the most senior executives at some of America's most fabled companies for their roles in their companies' fraudulent schemes. The list of officers we have sued is too long to detail, but includes: 16 members of Enron's former senior management team, including Kenneth Lay, Jeffrey Skilling and Andrew Fastow; Scott Sullivan, the former CFO of WorldCom, and other WorldCom executives; Linda Wachner, the former CEO, and William Finkelstein, the former CFO, of Warnaco; and Richard Scrushy, the ex-CEO and Chairman of HealthSouth Corporation, as well as 11 other HealthSouth executives. We've also brought enforcement actions against senior executives of Gateway, Adelphia, Xerox, Waste Management, Vivendi, Rite Aid, HomeStore and Gemstar, for their roles in their companies' accounting frauds.

The cases I have just mentioned send a strong message that we will make sure corporate violators take responsibility for egregious conduct, and don't view the prospect of a securities enforcement action as an acceptable cost of doing business.

In that regard, Sarbanes-Oxley also strengthened the Commission's hand by lowering the standard the Commission must meet in seeking officer and director bars. We used to have to prove that a defendant was "substantially unfit" to serve. Now we simply have to show that the defendant is "unfit." While this may seem picayune, the numbers demonstrate how significant this change has been for us: in the fiscal year ended September 30, 2001, we sought only 51 officer and director bars against corporate wrongdoers. In the last two years, we have sought approximately 300. One important example of the Commission's willingness to use this remedy in expanded ways is the recent Spear & Jackson pump-and-dump case, filed in April of this year. In that case, alleging a two-year scheme to inflate that issuer's share price, we sought and obtained an emergency ex parte order barring Spear & Jackson's CEO Dennis Crowley from serving as an officer or director of a public company.

Now before you conclude that we have come down too hard on corporate officers and directors, I wanted to read you a few lines from a recent article about the Chinese government's response to corporate fraud. According to the article:

China executed four people, including employees of two of its Big Four state banks, for fraud totaling $15 million, the Xinhua state news agency said Tuesday, amidst a high-profile campaign against financial crime. The executions come after a string of arrests in white-collar crime as China prepares to sell shares in its big banks.

The article noted, in conclusion, that "[l]egal experts have called for a 'kill fewer, kill carefully' policy for non-violent crimes." My friend Eliot Spitzer was heard to criticize the approach as too soft.

While we have focused significant attention on accountability of senior corporate management for financial reporting and other securities law violations, we have not ignored the responsibility of the companies themselves. Our record $2.25 billion penalty against WorldCom, which was settled in bankruptcy by the company's payment of $750 million is perhaps the best-known example. More recently, Bristol-Myers paid $150 million for its fraudulent earnings management scheme; Royal Dutch Shell paid a $120 million penalty in connection with its misstatements of oil reserves; and we have imposed very large penalties against a number of mutual fund complexes for their roles in the mutual fund market timing scandal. Indeed, we have imposed 15 penalties over $50 million in the last year and a half, including many of the highest penalties ever obtained in SEC enforcement actions.

Conclusion

So how can our enforcement program help prevent a recurrence of the corporate abuses that led to the adoption of Sarbanes-Oxley? As I've discussed today, I believe it's by focusing on the very themes embodied in the legislation: holding gatekeepers responsible, aggressively pursuing obstruction of our investigations, and creating more personal accountability and deterrence in the corner offices of America's public companies. Of course, the corporate community and its service providers are the first line of defense against corporate misconduct. But what we want to do is focus their minds, to have them think, when they wake up in the morning, if I fail to live up to my legal and fiduciary obligations, if I don't hold the line with my corporate client and resist pressure to acquiesce in wrongdoing, the consequences will be swift and severe.